Wintermute CEO Evgeny Gaevoy has confirmed that the multi-million-dollar Wintermute hack may have been linked to a critical bug in the Ethereum vanity address-generating tool called Profanity.
Wintermute, a crypto asset algorithmic market maker, was hit on Tuesday by a $160 million exploit of its DeFi operations, according to founder and CEO Evgeny Gaevoy. More than 90 assets of different values were stolen, he said.
The hack comes a few days after 1inch flagged Profanity-generated addresses as high risk.
Profanity is a tool that lets Ethereum users create “vanity addresses” – personalized wallet addresses that contain human-readable messages, which make transfers easier.
Profanity bug leads to wallet breach
Binance CEO Changpeng Zhao posted on Twitter that the Wintermute exploit looked “like Profanity-related” but did not explain how.
“If you used vanity addresses in the past, you might want to move those funds to a different wallet,” he cautioned.
Polygon chief information security officer Mudit Gupta corroborated the allegations with evidence.
“I took a quick look and my best guess is that it was a hot wallet compromise due to the Profanity bug that was publicly disclosed a few weeks ago,” Gupta said in a blog post.
“The vault only allows admins to do these transfers and Wintermute’s hot wallet is an admin, as expected. Therefore, the contracts worked as expected but the admin address itself was likely compromised,” he said, adding:
“The admin address is a vanity address (starts with a bunch of zeroes) which might have been generated using the famous but buggy vanity address generating tool called Profanity.”
Crypto security company Certik also explained how the attack was carried out. “The exploiter used a privileged function with the private key leak to specify that the swap contract was the attacker-controlled contract,” the blog post read.
Vanity addresses are supposed to be infeasible to reproduce, but attackers found a way to reverse-calculate the private keys behind Profanity-generated addresses, gaining access to millions of dollars.
Wintermute CEO Evgeny Gaevoy later confirmed that the hack was linked to Profanity while breaking down the incident. “The attack was likely linked to the Profanity-type exploit of our DeFi trading wallet. We did use Profanity and an internal tool to generate addresses with many zeroes in front. Our reason behind this was gas optimization, not ‘vanity’,” he stated in a Twitter thread.
Warning ignored?
Wintermute’s hack comes a few days after DEX aggregator 1inch Network issued a warning that people whose accounts are connected to Profanity were not safe. The firm discovered a vulnerability in the popular vanity address tool, which put millions of dollars in user money at risk.
“Transfer all of your assets to a different wallet as soon as possible,” 1inch warned at the time. “If you used Profanity to get a vanity smart contract address, make sure to change the owners of that smart contract.”
Evgeny…
Read More: beincrypto.com